Scribd Logo
Upload

Welcome to Scribd!

  • Apache Upgrade For Content Server

    Uploaded by

    KotiEswar
    279 views6 pages
    Apahe upgrde

    Original Title

    Apache Upgrade for Content Server

    Copyright

    © © All Rights Reserved

    Available Formats

    DOC, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Apahe upgrde

    Copyright:

    © All Rights Reserved
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    279 views6 pages

    Apache Upgrade For Content Server

    Uploaded by

    KotiEswar
    Apahe upgrde

    Copyright:

    © All Rights Reserved
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 6

    Apache Upgrade

    Apache Installation.........................................................................................................................................1
    Creating Certificate Requests.........................................................................................................................5

    Apache Installation
    1. Verify the content server is working by using CSADMIN.
    2. Verify offline backup successful.
    3. Ensure there is an ANSI C compiler installed. Type “gcc -v”.
    As root:
    root@r3csdbq1:/root> gcc -v
    Using built-in specs.
    Target: powerpc-ibm-aix5.3.0.0
    Configured with: ../configure --with-as=/usr/bin/as --with-
    ld=/usr/bin/ld --enable-languages=c,c++,java --prefix=/opt/freeware
    --enable-threads --enable-version-specific-runtime-libs --host=powerpc-
    ibm-aix5.3.0.0 --target=powerpc-ibm-aix5.3.0.0 --build=powerpc-ibm-
    aix5.3.0.0 --disable-libjava-multilib
    Thread model: aix
    gcc version 4.2.0
    root@r3csdbq1:/root> which gcc
    /usr/bin/gcc
    root@r3csdbq1:/root>
    4. Become root. Default umask must be 022.
    5. Verify .cshrc for sidadm and sqdsid to include. :

    set path = ( /usr/<SID>/apache/bin:/opt/pware64/bin $path )


    setenv LIBPATH /opt/pware64/lib
    set prompt="`hostname`:$USER \!> "
    alias lst 'ls -lrt|tail -20'
    alias cdback 'cd /usr/openv/netbackup/ext/db_ext/sap'
    alias cdlog 'cd /sapdb/data/wrk/<SID>/'
    alias h 'history'
    alias startap /usr/<SID>/apache/bin/apachectl start
    alias stopap /usr/<SID>/apache/bin/apachectl stop
    alias cdap cd /usr/<SID>/apache
    set history = 100

    6. Stop Apache. As sidadm stopap.


    7. Delete exiting Apache:
    As root:
    cd /usr/CQB/apache
    rm -rf *
    8. Run the below commands as root to install Apache. Apache should be installed prior to starting
    sapinst, it reads some of the Apache environment settings as part of the install. Files are created in
    the apache install directory (/admdata/sapcd/cs640/httpd-2.0.63) so it needs to be writable. If you
    experience issues with a re-install, delete the install directory and re-extract the tar file from
    /admdata/sapcd/cs640.

    As root :
    cd /usr/CQB/apache
    tar -xvf /admdata/sapcd/cs640/httpd-2.0.63.tar

    Install Apache
    unset CFLAGS EXTRA_LDFLAGS_SHLIB OBJECT_MODE
    unset LDFLAGS LIBPATH LIBS LD_LIBRARY_PATH
    export CC="gcc -maix64"
    export PERL=/usr/opt/perl5/bin/perl
    export LD_LIBRARY_PATH=/opt/pware64/lib
    export LIBS="-L/opt/pware64"
    export LIBPATH=/opt/pware64/lib
    export CPPFLAGS="-I/opt/pware64/include/openssl"
    export OBJECT_MODE=64
    cd /usr/CQB/apache/httpd-2.*

    chmod -R 777 *
    /usr/sbin/slibclean

    If failed make previously, make clean

    ./configure --prefix=/usr/CQB/apache --with-mpm=prefork --enable-ssl=shared


    --with-ssl=/opt/pware64 --with-included-apr

    make

    make install

    9. Change ownership from root to sidadm:sapsys and set sticky bit.


    chown -R cqbadm:sapsys /usr/CQB/apache
    chmod 775 /usr/CQA/apache
    chown root /usr/CQA/apache/bin/httpd
    chmod 4755 /usr/CQA/apache/bin/httpd
    10. Copy new conf files:
    For CQA/B:
    cp /admdata/sapcd/cs640/conf/CSQ/httpd*conf /usr/CQB/apache/conf
    For CSD/CSP:
    cp /admdata/sapcd/cs640/conf/httpd*conf /usr/apache/conf
    11. Adjust the configuration file /usr/CQB/apache/conf/httpd.conf. Change the line User to
    sidadm.
     User cqbadm
     CSConfigPath /home/cqbadm/conf/cs.conf
     For multi Apache install change all CQA to new SID.

    The below changes should already be made:


    Group sapsys
    Listen 1090 (1092 for CQB)
    Uncomment #Include conf/extra/httpd-ssl.conf
    12. Modify the configuration file /usr/CQB/apache/conf/httpd-ssl.conf uses port 1091 (1093 for
    CQB) and not 443. For multi Apache install change all CQA to new SID.
    13. Verify sidadm can navigate to the directory /usr/apache/htdocs and the /usr/apache directory and it’s
    subdirectories are owned by sidadm.
    14. Copy certs if they have already been generated.
    cp /admdata/sapcd/cs640/certs/CSQ/* /usr/apache/conf
    chown <sid>adm:sapsys /usr/apache/conf/*
    15. Su to sidadm and verify PATH and LIBPATH are set from above change in .cshrc for sidadm..
    16. Create the following links:
    cd /usr/CQB/apache/modules
    ln -s /home/cqbadm/modules/libsapsecu.o libsapsecu.o
    ln -s /home/cqbadm/modules/mod_sapcs2.o mod_sapcs2.o
    17. Verify the /usr/apache/conf/httpd.conf file has these entries:

    Add the line in blue:


    LoadModule sapcs_module modules/mod_sapcs2.o
    LoadModule ssl_module modules/mod_ssl.so

    Add these lines to the end:


    <IfModule mod_sapcs.cpp>
    # AddModuleInfo ContentServer "SAP Content Server 640/0 (Prototype) (C)
    SAP AG 1998, 2001"
    CSConfigPath /home/<sid>adm/conf/cs.conf

    <Location /sapcs>
    SetHandler sapcs_module
    Allow from all
    </Location>

    <Location /ContentServer/ContentServer.dll>
    SetHandler sapcs_module
    Allow from all
    </Location>

    <Location /contentserver/contentserver.dll>
    SetHandler sapcs_module
    Allow from all
    </Location>

    </IfModule>
    18. As sidadm start Apache with the command: /usr/apache/bin/apachectl start
    19. Verify Apache is started, check files in /usr/apache/logs if errors.
    % ps -ef|grep apa
    csqadm 180324 1 0 12:28:09 - 0:00 /usr/apache/bin/httpd -k start
    csqadm 274432 180324 0 12:28:09 - 0:00 /usr/apache/bin/httpd -k start
    csqadm 299244 180324 0 12:28:09 - 0:00 /usr/apache/bin/httpd -k start
    csqadm 397552 180324 0 12:28:09 - 0:00 /usr/apache/bin/httpd -k start
    csqadm 405642 180324 0 12:28:09 - 0:00 /usr/apache/bin/httpd -k start
    csqadm 413898 180324 0 12:28:09 - 0:00 /usr/apache/bin/httpd -k start
    20. Check website http://r3csdbq1.sempra.com:1090/ This should return the following in your browser.

    If you can see this, it means that the installation of the Apache web server software on this system
    was successful. You may now add content to this directory and replace this page.
    https://r3csdbq1.sempra.com:1091/index.html.en

    21. Change OAC0 settings by using %HTTPS. Change HTTPS fields to “”HTTPS Required”
    and enter the SSL port.
    22. Only SSL Server and SSL Client (Standard) need to have non-self sign certificates. Import the
    Content Server certificate that has been signed by Sempra and installed into Apache into both PSE’s.
    The certs are located at S:\BASIS\_mtettenb\Certificates.
     Double Click the entry under SSL Server.
     Click “Import Certificate”

     Find the appropriate .crt file and select the Base64 radio button and click check. Or select
    the *.cer file and select Binary.

     Click Add certificate to List.


     Repeat for SSL Client Standard and the certificates should be added as below:
    23. You must bounce the server after installing the certificate.
    24. After SAP is up, you should be able to connect using CSADMIN or OAC0.

    Creating Certificate Requests


    25. If you need to create Certificates follow these steps.
     Create CSR request: (For help: http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#selfcert)
    cd /usr/apache/conf
    Not working Create server key: openssl rsa -noout -text -in server.key
    Create server key: openssl genrsa -des3 -out server.key 2048 (pass test)
    Create CSR: openssl req -new -key server.key -out server.csr
    View CSR: openssl req -noout -text -in server.csr

    Country Name (2 letter code) [AU]:US


    State or Province Name (full name) [Some-State]:California
    Locality Name (eg, city) []:San Diego
    Organization Name (eg, company) [Internet Widgits Pty
    Ltd]:Sempra Energy Utilities
    Organizational Unit Name (eg, section) []:IT
    Common Name (eg, YOUR name) []:r3csdbd1.sempra.com
    Email Address []:mtettenburn@semprautilities.com

    Please enter the following 'extra' attributes


    to be sent with your certificate request
    A challenge password []:
    An optional company name []:

    ;KEY SIZE INFORMATION


    ;Key Size = 2048-bits RSA, SHA-1

    ---------INTERNAL CSR INFORMATION-----------------


    CN = (FQDN_OF_APPLICATION/SERVER)
    OU = IT
    O = Sempra Energy Utilities
    L = (San Diego or Los Angeles ONLY)
    S = CA
    C = US
     Submit CSR request: https://pkiweb1.sempra.com/certsrv/ -> Request Certificate. For
    assistance, the PKI admin is RBWilliams@Sempra.com.
     To receive the cert, use the website https://pkiweb1.sempra.com/certsrv/ the click Download
    certificate.

     After you receive your certificate copy it to /usr/apache/conf.


    cd /usr/apache/conf
    Convert certification from DER to PEM:
    openssl x509 -inform DER -outform PEM -in certnew.cer -out server.crt
    If you need to remove the pass phrase from your key use this:
    openssl rsa -in server.key -out server.key_nopass

    You might also like